InfoSci®-Journals Annual Subscription Price for New Customers: As Low As US$ 4,950

This collection of over 175 e-journals offers unlimited access to highly-cited, forward-thinking content in full-text PDF and XML with no DRM. There are no platform or maintenance fees and a guarantee of no more than 5% increase annually.

Receive the complimentary e-books for the first, second, and third editions with the purchase of the Encyclopedia of Information Science and Technology, Fourth Edition e-book. Plus, take 20% off when purchasing directly through IGI Global's Online Bookstore.

Take 20% Off All Publications Purchased Directly Through the IGI Global Online Bookstore: www.igi-global.com/

Abstract

This study extends the vulnerability analysis of a RFID authentication protocol and offers solutions to security weaknesses through enhanced measures. Vajda and Buttyan (VB) proposed a lightweight RFID authentication protocol, called XOR. Defend, Fu, and Juels (DFJ) analyzed it and proposed repeated keys and nibble attacks to the protocol. In this paper, we identify the source of vulnerability within VB’s original successive session key permutation algorithm. We propose three improvements, namely removing bad shuffles, hopping the runs, and authenticating mutually, to prevent DFJ’s attacks, thereby significantly strengthening the security of the protocol without introducing extra resource cost.

Article Preview

2. Original Xor Protocol And Repeated Keys Attack

The original XOR protocol by VB (Vajda & Buttyan, 2003) is a challenge-response protocol as shown in Figure 1. Under the following assumptions: (1) the readers and tags initially share a piece of secret key k(0), (2) both reader and tag are capable of calculating a permutation ∏ (given soon), and (3) reader and tag maintain a synchronized counter i to indicate the current run of authentication, the challenge-response process at the ith run can be described as follows:

Figure 1.

A simple example (S: Split, P: Permute, M: Mix). It shows how the session keys k(i-1), k(i), and k(i+1) are developed. We underline the numbers that are always on the right halves. This demonstrates that the left half session key always stays on the left, and the right half always stays on the right.